Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3166
Views
10
Helpful
33
Replies

Cisco ASA 5506 not show routes

stephanie.ramirez1
Level 1
Level 1

‎08-16-2017 10:59 AM - edited ‎03-12-2019 02:49 AM

Does anyone knows, why Cisco ASA ASDM in monitor routes shows a route but in Configuration--> static routes doesnt show this route.

please help. Even in show running-config, doesnt shows this route.

Thanks 

Labels:
0 Helpful
33 Replies 33

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 03:15 PM

yes, let me see if i can turn off the vpn and make the change for this packet tracer, do you know if i can have redundancy betwen vpn´s?

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-16-2017 03:18 PM

Yes you can, you will just need to add some additional configuration on both devices. On this specific device, you just need to add the crypto map on the new interface. 

Mike. 

Mike
0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 03:40 PM

Ok thanks Maykol, by the way, when the VPN is down due to the priority change the interface Axtel, doesnt answer anymore. I only have to wait to turn off the vpn and do the packet tracer to send you.

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-16-2017 03:43 PM

Sonuds good. When you do that change, can you also add a route for the VPN peer through Axtel? 

Route axtel <vpn_peer> 255.255.255.255 187.162.87.97

Mike. 

Mike

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 03:46 PM

it is normal ? that if Axtel is not the main ISP cannot answer the interface?

this route: Route axtel <vpn_peer> 255.255.255.255 187.162.87.97 is for?

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-16-2017 03:50 PM

Yes. 

The route is to force the VPN to be established through the Axtel. 

Mike. 

Mike
0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 03:55 PM

This is my routing table, so at this point i can change the distance of the routes and make outside my main ISP ?

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-16-2017 04:04 PM

Yup, go ahead. 

Mike. 

Mike
0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 04:08 PM

and the vpn will still up with this change?

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-16-2017 04:10 PM

It should, yes. 

Mike. 

Mike
0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-16-2017 04:14 PM

i will test this, and i will let you know.

Thanks Maykol

0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-17-2017 07:32 AM

Hello maykol, now everything its working,

Thank you so much

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-17-2017 11:45 AM

Awesome news. Glad it works. 

Saludos. 

Mike
0 Helpful

stephanie.ramirez1
Level 1
Level 1
In response to Maykol Rojas

‎08-17-2017 08:07 AM

Hello Maykol

Do you have these commands, for vpn redundancy ?

Thanks

0 Helpful

Maykol Rojas
Cisco Employee
Cisco Employee
In response to stephanie.ramirez1

‎08-17-2017 11:44 AM

Sure. On your ASA, you need to apply the same crypto map on the new interface:

crypto map <name> interface outside 

crypto map <name> interface outside 

And on the other side, you need to configure the new peer on the crypto map: 

crypto map <name> set peer <asa_new_ip>. 

Mike. 

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card